{"id":7963,"date":"2025-10-27T10:03:27","date_gmt":"2025-10-27T10:03:27","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/10\/27\/scattered-lapsus-hunters-onion-leak-website-taken-down-by-law-enforcement-agencies\/"},"modified":"2025-10-27T10:03:27","modified_gmt":"2025-10-27T10:03:27","slug":"scattered-lapsus-hunters-onion-leak-website-taken-down-by-law-enforcement-agencies","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/10\/27\/scattered-lapsus-hunters-onion-leak-website-taken-down-by-law-enforcement-agencies\/","title":{"rendered":"Scattered LAPSUS$ Hunters Onion Leak Website Taken Down By Law-enforcement Agencies"},"content":{"rendered":"<p>    Scattered LAPSUS$ Hunters Onion Leak Website Taken Down By Law-enforcement Agencies<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>Law enforcement agencies from the United States and France have seized the onion leak website operated by the notorious Scattered LAPSUS$ Hunters collective, displaying a prominent seizure notice featuring logos from the FBI, Department of Justice, and international partners.<\/p>\n<p>This coordinated action, executed around October 9, 2025, targeted the BreachForums infrastructure, which the group had repurposed as a data extortion portal following a massive <a href=\"https:\/\/cybersecuritynews.com\/scattered-lapsus-hunters\/\" target=\"_blank\" rel=\"noreferrer noopener\">breach of Salesforce<\/a> customer databases.<\/p>\n<p>The takedown disrupts the group\u2019s ability to threaten and leak stolen data publicly, though experts warn that such actors often pivot to alternative channels like Telegram.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"embed-twitter\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Scattered Lapsus Shiny Hunters onion leak site has been seized if you believe the FBI would use the BreachForums takedown png <img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/1f923.png?ssl=1\" alt=\"\ud83e\udd23\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/1f923.png?ssl=1\" alt=\"\ud83e\udd23\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/1f923.png?ssl=1\" alt=\"\ud83e\udd23\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"> <a href=\"https:\/\/t.co\/trfkV6iw1S\">pic.twitter.com\/trfkV6iw1S<\/a><\/p>\n<p>\u2014 Dominic Alvieri (@AlvieriD) <a href=\"https:\/\/twitter.com\/AlvieriD\/status\/1982409860911440198?ref_src=twsrc%5Etfw\">October 26, 2025<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"the-rise-of-scattered-lapsus-hunters\"><strong>Scattered LAPSUS$ Hunters<\/strong><\/h2>\n<p><a href=\"https:\/\/cybersecuritynews.com\/scattered-lapsus-hunters-statement\/\" target=\"_blank\" rel=\"noreferrer noopener\">Scattered LAPSUS$<\/a> Hunters emerged in August 2025 as an alliance of infamous hacking groups, including Scattered Spider, LAPSUS$, and ShinyHunters, often referred to as the \u201cTrinity of Chaos\u201d within the cybercrime underworld known as The Com.<\/p>\n<p>This supergroup quickly escalated its activities by launching social engineering attacks on Salesforce tenants, claiming to have stolen over one billion records from high-profile organizations such as <a href=\"https:\/\/cybersecuritynews.com\/adidas-data-breach\/\" target=\"_blank\" rel=\"noreferrer noopener\">Adidas<\/a>, Cisco, McDonald\u2019s, and Qantas Airways.<\/p>\n<p>Their campaign blended data theft with extortion demands, using BreachForums, previously a hacking bazaar shut down in 2023, as a clearnet and Tor-based leak site to pressure victims into paying ransoms.<\/p>\n<p>By early October, the group had listed dozens of compromised entities, setting a deadline of October 10, 2025, for payments to avoid data dumps.<\/p>\n<p>The seizure involved the U.S. Department of Justice, FBI, France\u2019s Central Brigade of Cybercrime (BL2C), and the Paris Prosecutor\u2019s Office, who took control of BreachForums\u2019 domains and backend servers, including database backups dating back to 2023. <\/p>\n<p>Visitors to the site, both on the clearnet (breachforums.hn) and onion versions, encountered an animated banner confirming the infrastructure\u2019s transfer to federal hands, mirroring past takedowns like RaidForums in 2022. <\/p>\n<p>Although the Tor site was briefly restored, the operation prevented immediate large-scale leaks, with the group defiantly posting on Telegram that \u201cseizing a domain does not really affect our operations.\u201d <\/p>\n<p>In response, Scattered LAPSUS$ Hunters leaked data from six companies across aviation, energy, and retail sectors on October 10, including personal details like names, emails, and phone numbers, before declaring no further releases.<\/p>\n<p>Despite the disruption, the collective announced a temporary dissolution on October 11, 2025, halting activities until 2026 to evade heightened law enforcement scrutiny while teasing an Extortion-as-a-Service (EaaS) model and potential targets like the FBI and NSA. <\/p>\n<p>Cybersecurity firms note that domain seizures rarely end such groups\u2019 operations entirely, as they maintain Telegram channels and could relaunch mirror sites swiftly. <\/p>\n<p>Organizations are urged to monitor for renewed activity, enhance <a href=\"https:\/\/cybersecuritynews.com\/salesloft-drift-data-breaches\/\" target=\"_blank\" rel=\"noreferrer noopener\">Salesforce security<\/a>, and review for indicators of compromise from social engineering tactics.<\/p>\n<p>This event underscores the persistent challenge of combating loosely organized cybercrime syndicates, with experts predicting the group\u2019s return in a more covert form. <\/p>\n<p>As the dust settles, the incident highlights international cooperation\u2019s role in curbing digital extortion, though vigilance remains essential in the evolving threat landscape.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/scattered-lapsus-hunters-onion-leak-website\/\">Scattered LAPSUS$ Hunters Onion Leak Website Taken Down By Law-enforcement Agencies<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Guru Baran<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/scattered-lapsus-hunters-onion-leak-website\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scattered LAPSUS$ Hunters Onion Leak Website Taken Down By Law-enforcement Agencies Law enforcement agencies from the United States and France have seized the onion leak website operated by the notorious Scattered LAPSUS$ Hunters collective, displaying a prominent seizure notice featuring logos from the FBI, Department of Justice, and international partners. This coordinated action, executed around [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63],"tags":[130],"class_list":["post-7963","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7963"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=7963"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7963\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=7963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=7963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=7963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}